STIGQter: STIG Summary: IBM AIX 7.x Security Technical Implementation Guide, Version 2, Release 2, Benchmark Date: 23 Apr 2021

AIX must be configured to use syslogd to log events by TCPD.

DISA Rule

SV-215314r508663_rule

Vulnerability Number

V-215314

Group Title

SRG-OS-000365-GPOS-00152

Rule Version

AIX7-00-002133

Severity

CAT II

CCI(s)

Weight

10

Fix Recommendation

Configure the access restriction program to log every access attempt. Ensure the implementation instructions for TCP_WRAPPERS are followed, so system access attempts are logged into the system log files. If an alternate application is used, it must support this function. Edit the "/etc/syslog.conf" file by writing the following to the file.
auth.info /var/log/messages

# touch /var/log/messages
# refresh -s syslogd

Check Contents

Normally, TCPD logs to the "mail" facility in "/etc/syslog.conf". Determine if syslog is configured to log events by TCPD.

Procedure:
# more /etc/syslog.conf

Look for entries similar to the following:
mail.debug /var/adm/maillog
mail.none /var/adm/maillog
mail.* /var/log/mail
auth.info /var/log/messages

The above entries would indicate mail alerts are being logged.

If no entries for "mail" exist, then TCPD is not logging and this is a finding.
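The check procedure and the fix recommendation above, as an added POSIX shell example (not part of the STIG text or of STIGQter). It runs against a constructed sample syslog.conf so it works offline; on AIX you would point it at /etc/syslog.conf and follow the fix with refresh -s syslogd, which is AIX-specific and is not invoked here. The function names are hypothetical. One caveat a practitioner should keep in mind: a selector with priority "none" (for example mail.none) discards that facility's messages rather than logging them, so the script does not count such lines as evidence that TCPD output is being logged.

```shell
#!/bin/sh
# Added example: check a syslog.conf for selectors that log TCPD output
# (the "mail" or "auth" facilities) and apply the STIG fix to a given file.

# Build a constructed sample syslog.conf at the given path (not a real AIX file).
make_sample_conf() {
    cat > "$1" <<'EOF'
# sample syslog.conf (constructed for this example)
*.emerg         /dev/console
mail.none       /var/adm/maillog
daemon.notice   /var/adm/daemon.log
EOF
}

# Print "selector -> action" for every mail or auth selector that actually logs.
# Comment and blank lines are skipped; "facility.none" selectors are skipped
# because .none discards messages instead of logging them.
tcpd_log_selectors() {
    awk '
        /^[[:space:]]*#/ || /^[[:space:]]*$/ { next }
        {
            n = split($1, sel, ";")
            for (i = 1; i <= n; i++) {
                split(sel[i], fp, ".")
                fac = fp[1]; pri = fp[2]
                if (pri == "none") continue
                if (fac == "mail" || fac == "auth")
                    print sel[i] " -> " $2
            }
        }' "$1"
}

# Return 0 (compliant) when at least one qualifying selector exists,
# otherwise 1 (finding).
check_tcpd_logging() {
    if [ -n "$(tcpd_log_selectors "$1")" ]; then
        return 0
    fi
    return 1
}

# Apply the fix recommendation: append "auth.info <logfile>" once
# (idempotent) and make sure the log file exists, as "touch" does in the STIG.
apply_fix() {
    conf=$1
    logfile=$2
    if ! grep -q "^auth\.info[[:space:]]" "$conf"; then
        printf 'auth.info\t%s\n' "$logfile" >> "$conf"
    fi
    touch "$logfile"
}

# Stand-alone usage: build the sample, check it, fix it, check again.
if [ "${TCPD_CHECK_DEMO:-}" = "1" ]; then
    conf=$(mktemp)
    make_sample_conf "$conf"
    check_tcpd_logging "$conf" && echo "compliant" || echo "finding: no mail/auth logging"
    apply_fix "$conf" "$conf.log"
    check_tcpd_logging "$conf" && echo "compliant after fix" || echo "still a finding"
    rm -f "$conf" "$conf.log"
fi
```

Run with TCPD_CHECK_DEMO=1 to see the before/after result on the sample; with the sample as constructed, the only mail entry is mail.none, so the check reports a finding until the auth.info line is added.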

Documentable

False

Severity Override Guidance

Check Content Reference

M

Target Key

4012

Comments